I'm struggling with giving a user permissions to alter the environment of a
method context.
The service looks similar to this:
<exec_method name='start' type='method' exec='/opt/blah/bin/myservice'/>
<property_group name='general' type='framework'>
<propval name='action_authorization' type='astring'
value='solaris.smf.manage.kgm' />
<propval name='value_authorization' type='astring'
value='solaris.smf.manage.kgm' />
</property_group>
<instance name='inst1' enabled='false'>
<method_context>
<method_credential user='kgm' group='kgm' />
<method_environment>
<envvar name='HOME' value='/home/kgm'/>
</method_environment>
<method_context>
</instance>
/etc/security/auth_attr contains:
solaris.smf.manage.kgm:::Manage KGM services::
/etc/user_attr contains:
kgm::::type=normal;auths=solaris.smf.manage.kgm
I thought this would be enough to enable the 'kgm' user to do the following:
svccfg -s myservice:inst1 setenv -i HOME /export/home/kgm
But I get:
svccfg: permission denied
- which is not very helpful and even svccfg -v does not give any more
information than that.
I'm guessing that I need some variant of solaris.smf.modify auth somewhere, but
I just can't figure it out.
This message posted from opensolaris.org
